|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #77505 streams/HTTPS cannot be used with WinSSL/schannel
Submitted: 2019-01-23 01:35 UTC Modified: 2019-01-25 11:32 UTC
Avg. Score:4.0 ± 1.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: vjardin at free dot fr Assigned:
Status: Open Package: Streams related
PHP Version: 7.3.1 OS: Windows
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2019-01-23 01:35 UTC] vjardin at free dot fr
Assuming WinSSL is used, so openssl is disabled,
  $data = file_get_contents('');

leads to
PHP Warning:  file_get_contents(): Unable to find the wrapper "https" - did you forget to enable it when you configured PHP? in ssl.php on line 2

If we enable openssl, but the certificates are into the Windows' store, then of course, it cannot work:

$ php -d extension=openssl ssl.php
PHP Warning:  file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure in ssl.php on line 7


$ php -v
PHP 7.2.14RC1 (cli) (built: Jan  6 2019 01:20:28) ( NTS MSVC15 (Visual C++ 2017) x64 )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

$ php -i | findstr configu
Configure Command => cscript /nologo configure.js "--enable-snapshot-build" "--enable-crt-debug" "--disable-zts" "--enable-pdo" "--with-pdo-oci=C:\php-sdk\oracle\x64\instantclient_12_1\sdk,shared" "--with-oci8=C:\php-sdk\oracle\x64\instantclient_10_2\sdk,shared" "--with-oci8-11g=C:\php-sdk\oracle\x64\instantclient_11_2\sdk,shared" "--with-oci8-12c=C:\php-sdk\oracle\x64\instantclient_12_1\sdk,shared" "--enable-com-dotnet=shared" "--with-ereg=shared" "--with-odbcver=0x0380" "--with-php-build=../win64build.vc15"

$ php -i | findstr /I SSL
SSL => Yes
SSL Version => WinSSL
core SSL => supported
extended SSL => not supported
OpenSSL support => disabled (install ext/openssl)

Test script:


$data = file_get_contents('');


Expected result:
Open a stream SSL/HTTPS connecion without OpenSSL but using WinSSL. libssh2 does support libssh2/WinSSL. It can become the abstraction layer.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2019-01-25 11:32 UTC]
Thanks for the report.

> Assuming WinSSL is used, so openssl is disabled,
There is no support for WinSSL in streams, so it can't be used. To use encrypted streams, OpenSSL is required.

> If we enable openssl, but the certificates are into the Windows' store, then of course, it cannot work:
OpenSSL interacts with the Windows certificate store. The certificate store receives centralized updates. If something is not there - most likely the store has not been updated yet. That's also often a reason for issues with self signed certificates.

Having support for WinSSL might be a feature, yes. However, not all the dependencies support it. Also, for the core we'd have to maintain two layers of security, which doubles efforts and bug sources. Just depending on OpenSSL seems OK.

 [2019-07-05 22:03 UTC] vjardin at free dot fr
For the maintenance, it depends of the point of view. Having a native Windows SSL support instead of openssl decreases the SSL surface to a unique WinSSL / schannel that becomes the common SSL layer for all Windows applications. When PHP uses openssl, it means that we have to keep 2 SSL stacks on Windows (WinSSL + openssl).
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Apr 18 21:01:24 2021 UTC